[Junos] How to change the severity level of a specific syslog message

Article ID: KB26581 KB Last Updated: 28 Dec 2018 Version: 2.0
Summary:
This article explains how to log the SNMP_TRAP_LINK_UP syslog message, which the default syslog configuration does not show, and introduces the priority-override feature under the event-options hierarchy level, which makes this possible for a single message.
Symptoms:
By default in Junos, the severity level for all facilities is notice, except for the authorization facility:
file messages {
    any notice;
    authorization info;
}
So you cannot see log messages whose severity level is lower than notice (except for the authorization facility). You can change any notice to any info or any debug, but because this changes the severity level per facility, you will then see a lot of unnecessary info or debug level syslog messages.

For example, in the default configuration you can see the SNMP_TRAP_LINK_DOWN message but not the SNMP_TRAP_LINK_UP message, because the severity level of SNMP_TRAP_LINK_DOWN is warning, whereas that of SNMP_TRAP_LINK_UP is info.

You can change the severity of the daemon facility to info to enable SNMP_TRAP_LINK_UP, but you will then see a lot of unnecessary info level syslog messages from the daemon facility.
Cause:
  • Before Junos 12.1, only the changing of the severity level per facility was supported.

  • From Junos 12.1, changing the severity level for a specific syslog message is supported.
Solution:
Before Junos 12.1, use the following workaround:
 
  1. When you log messages to the HDD or Flash memory, dedicate one or more log files to the link up/down messages:
    file messages {
        any notice;
        authorization info;
        explicit-priority;
    }
    file interface_status {
        daemon info;
        explicit-priority;
        match "(SNMP_TRAP_LINK_UP|SNMP_TRAP_LINK_DOWN)";
    }
  2. When you log messages to the syslog server, configure two IP addresses for the syslog server (in this example, 10.0.0.1 and 10.0.0.2):
    host 10.0.0.1 {
        any notice;
        authorization info;
        explicit-priority;
    }
    host 10.0.0.2 {
        daemon info;
        explicit-priority;
        match "(SNMP_TRAP_LINK_UP)|(SNMP_TRAP_LINK_DOWN)";
    }
    
From Junos 12.1, you can change the facility and severity level:

For both the syslog file and the syslog server, you can use the priority-override feature under the event-options hierarchy to change the severity of a specific syslog message:
event-options {
    policy test {
        events SNMP_TRAP_LINK_UP;
        then {
            priority-override {
                facility daemon;
                severity notice;
            }
        }
    }
}
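Once SNMP_TRAP_LINK_UP reaches the log, each link-down event can be paired with its link-up, which is what makes an interface that went down and never recovered stand out. The following is an added example, not part of the original article or Juniper's code: it assumes the log lines carry the %FACILITY-SEVERITY-TAG prefix written by explicit-priority and an ifName field, and the sample lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# explicit-priority prefixes each message with %FACILITY-SEVERITY-TAG.
LINK_EVENT = re.compile(
    r"%(?P<facility>[A-Z]+)-(?P<severity>\d)-"
    r"(?P<event>SNMP_TRAP_LINK_(?:UP|DOWN)):.*?ifName (?P<ifname>\S+)"
)

# Constructed sample lines in an assumed format, not captured from a device.
# Severity codes: 4 = warning, 5 = notice, 6 = info.
SAMPLE_LOG = """\
Dec 28 10:00:01 r1 mib2d[1234]: %DAEMON-4-SNMP_TRAP_LINK_DOWN: ifIndex 510, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/1
Dec 28 10:00:09 r1 mib2d[1234]: %DAEMON-6-SNMP_TRAP_LINK_UP: ifIndex 510, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/1
Dec 28 10:02:30 r1 mib2d[1234]: %DAEMON-4-SNMP_TRAP_LINK_DOWN: ifIndex 511, ifAdminStatus up(1), ifOperStatus down(2), ifName ge-0/0/2
Dec 28 10:03:00 r1 exampled[999]: %DAEMON-6-EXAMPLE_UNRELATED_EVENT: constructed non-link message
Dec 28 10:05:44 r1 mib2d[1234]: %DAEMON-5-SNMP_TRAP_LINK_UP: ifIndex 512, ifAdminStatus up(1), ifOperStatus up(1), ifName ge-0/0/3
"""


def summarize_links(log_text):
    """Return ({ifname: last state}, {ifname: number of state changes})."""
    state, changes = {}, defaultdict(int)
    for m in LINK_EVENT.finditer(log_text):
        new = "up" if m["event"].endswith("_UP") else "down"
        if state.get(m["ifname"]) not in (None, new):
            changes[m["ifname"]] += 1
        state[m["ifname"]] = new
    return state, dict(changes)


def still_down(log_text):
    """Interfaces whose last logged event is LINK_DOWN with no later LINK_UP."""
    state, _ = summarize_links(log_text)
    return sorted(name for name, s in state.items() if s == "down")


def up_events_below_notice(log_text):
    """LINK_UP events logged at info or lower, which 'any notice' would drop."""
    return [m["ifname"] for m in LINK_EVENT.finditer(log_text)
            if m["event"].endswith("_UP") and int(m["severity"]) > 5]


if __name__ == "__main__":
    print("still down:", still_down(SAMPLE_LOG))
    print("flap counts:", summarize_links(SAMPLE_LOG)[1])
    print("LINK_UP below notice:", up_events_below_notice(SAMPLE_LOG))
```
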
Modification History:
2018-04-21: corrected match "(SNMP_TRAP_LINK_UP)|(SNMP_TRAP_LINK_DOWN)" syntax.